6in4, sometimes referred to as SIT, is an
IPv6 transition mechanism for migrating from
Internet Protocol version 4 (IPv4) to
IPv6
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
. It is a
tunneling protocol that encapsulates IPv6 packets on specially configured IPv4 links according to the specifications of . The
IP protocol number for 6in4 is ''41'', per IANA reservation.
The 6in4 packet format consists of the IPv6 packet preceded by an IPv4 packet header. Thus, the encapsulation overhead is the size of the IPv4 header of 20 bytes. On Ethernet with a
maximum transmission unit (MTU) of 1500 bytes, IPv6 packets of 1480 bytes may therefore be transmitted without fragmentation.
6in4 tunneling is also referred to as ''proto-41 static'' because the endpoints are configured statically. Although 6in4 tunnels are generally manually configured, the utility
AICCU can configure tunnel parameters automatically after retrieving information from a Tunnel Information and Control Protocol (TIC) server.
The similarly named methods
6to4 or
6over4 describe a different mechanism. The
6to4 method also makes use of proto-41, but the endpoint IPv4 address information is derived from the IPv6 addresses within the IPv6 packet header, instead of from static configuration of the endpoints.
Network address translators
When an endpoint of a 6in4 tunnel is inside a network that uses
network address translation
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic Router (computing), routing device. The te ...
(NAT) to external networks, the
DMZ feature of a NAT router may be used to enable the service. Some NAT devices automatically permit transparent operation of 6in4.
Dynamic 6in4 tunnels and heartbeat
Even though 6in4 tunnels are static in nature, with the help of for example the heartbeat protocol
[Heartbeat Protocol]
J. Massar and P. van Pelt one can still have dynamic tunnel endpoints. The heartbeat protocol signals the other side of the tunnel with its current endpoint location. A tool such as
AICCU can then update the endpoints, in effect making the endpoint dynamic while still using the 6in4 protocol. Tunnels of this kind are generally called 'proto-41 heartbeat' tunnels.
Security issues
The 6in4 protocol has no security features, thus one can inject IPv6 packets by
spoofing the source IPv4 address of a tunnel endpoint and sending it to the other endpoint. This problem can partially be solved by implementing
network ingress filtering (not near the exit point but close to the true source) or with
IPsec.
The mentioned packet injection loophole of 6in4 was exploited for a research benefit in a method called ''IPv6 Tunnel Discovery''
[IPv6 Tunnel Discovery]
L. Colitti, G. Di Battista, and M. Patrignani which allowed the researchers to discover operating IPv6 tunnels around the world.
Specifications
* , Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 1996
* , Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 2000
* , Basic Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 2005
See also
*
IP in IP: the equivalent protocol encapsulating IPv4 in IPv4
Notes
References
{{reflist
External links
How do I configure my machine to set up an IPv6 in IPv4 tunnel6in4 and other tunnel setups on Debian6in4 setup on Plan9 OS
Tunneling protocols
IPv6 transition technologies